Unauthorised Access UK 0636-708063 10pm-7am 12oo/24oo * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ASPEN VOICE MAIL -- PART I, "TUTORIAL FOR USE OF OCCUPIED BOXES" * * * * Written by Codec ::T1, Kopyright 1992. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Abstract: The method for use of ASPEN voice mail boxes that are already "taken" or "owned" is presented. It is assumed that the reader is familiar with voice mail, and the basic approaches used to break such systems. No bones about it--Octel's ASPEN systems are and have been the best voice mail systems since the genesis of voice mail technology. The response-handling, features, and overall smoothness of the systems are unbeatable. No, I don't own stock in the stuff, but I've abused the hell out of ASPENs for over six years. At $0.25/min on a WATS line that's a good chunk of our gross national product. The ASPEN voice mail system (VmS) can be secure if the administrator is some kind of hacker anti-Christ (setting minimum password length = 8), but most are generally ignorant of the existence of our breed. The cost of these systems are very high and so are usually owned by mid to large corporations, especially if on a WATS line. This is great as it means you will have a much better chance of going unnoticed when their phone bill takes a turn for the worse. However there are a couple of smaller versions, namely the Branch (8 ports) and the Branch XP (16 ports) that feel and sound like the hulking giants, but are miniscule in comparison. To give you a feel for the size of a Branch: my friend stole one from Executone Inc., and stored it in the trunk of my VW Jetta for a week until he could sneak it into his house. So be sure to get some idea of the size of the system you've hacked (take into consideration the number and scope of the mailboxes found as well as the name of the company); control usage accordingly. Your box can last for years when it's not constantly topping the usage charts. Since we are concerned in this part with mailboxes that are active on the system, the need for usage control is not as important as when you've secured a vacant or unused box. One system I was on--RCA Corp.-- had quite lame security at one time. When someone was fired or left the company, the mailboxes were reset so that they existed as vacant boxes. Many months after I ransacked the system, the administrators--looking for the source of operating cost spikes no doubt--noticed that the most active users on the system were employees presumed dead or retired (this I found out after I called RCA and tried to bullshit a box back into existence). So security was tightened and hackers eliminated--or so they thought. I just resorted to using active boxes, and remained with RCA for several more years... On a typical VmS, an active box is practically useless, depending on how often the owner logs in. It can be used at night for an information drop, but everything has to be back to normal by morning. On an ASPEN, most systems have a "guest" feature enabled. A mailbox owner can have up to three guests who can only send and receive messages from the mailbox owner. So when you log on to many ASPEN boxes, you're actually the owner of FOUR mailboxes: |------> Mailbox #WXYZ, Guest 1 | ------> Mailbox #WXYZ ------>|------> Mailbox #WXYZ, Guest 2 "main level" | |------> Mailbox #WXYZ, Guest 3 Each of the four mailboxes has a separate password, with the master password giving acces into the main level. When in the main level, you can send messages to the guest boxes with the "send" command. Simple enough, but the menus & prompts do not reveal the mailbox number to enter when sending. THE GUEST MAILBOX NUMBERS ARE "91" "92" AND "93" for guests 1, 2, and 3, respectively. Now, with the layout in mind, the method of use: 1) Become guest 1. Assign the other two people to guests 2 and 3. All three of you can send messages to each other from the main level now. 2) To receive your messages, log on as guest 1. You can hear your messages from the main level as well, using "check receipt of msgs," but since that level is occupied it's best to stay out of it except when you must (to send msgs). 3) Each system has an administrator-set expiration for unreceived and archived msgs. The expiration could be 72 hours or a comfortable ten days. After determining the time, BE SURE NOT TO LET A MSG SIT IN A GUEST BOX AND EXPIRE. In such a case, anyone logging into the main level (like the unsuspecting box owner) would hear a message deletion notice: "You're message to GUEST TWO exceeded the time allowed...and was deleted." The previously unsuspecting mailbox owner would then be tipped off. 4) If the VmS answers 24 hrs, keep out of the main level during the day. If the owner checks his box and you're in it, he'll hear "That mailbox is already in use. Please try again later." Also, if you hang up on the VmS while in the main level (instead of exiting using '*') it could take up to several minutes before the system recognizes your departure, thus getting the above in-use message. Of the few ASPEN systems I've seen that DON'T have guest boxes, most have been for cellular phone answering and other non-corp- orate applications. This system, (800) 327-8801, has only three digit box numbers (rare) and also has no guest features. Recently, I called back a system that I haven't been on in over a year--"Fannie Mae" @ (800) 752-6440. It must have been under a "hack attack" since then, as security is now state-of-the-art and my dormant supply of boxes gone. Not only are 6 digits required for passwords, but the newest mailboxes are 7 digits (ex: 7523272). In addition, it is the only ASPEN I've seen where you have only ONE password attempt. A large system with a late software release, but no guest boxes--the guest feature must be administrator-enabled/disabled. The system has a local dial-up, (202) 752-7000 (off-hours, as is the WATS). Always check to see if your system has a local dial-up so that you may conserve the WATS as well as the life of your box. -*- Best of luck--and enjoy the ASPEN Friends and Family Plan. Don't forget to listen for corporate secrets, inter-office sex, etc. ******************************END PART I*********************************